High Volume MTA to replace smarthost for outbound email

We currently use our ISP's smarthost for sending out automated noreply emails from our system. We are sending around 20000 emails a day and the ISP has asked us to sort out our own MTA as the load is getting a little high for their comfort. The current SMTP Connector is installed on Server 2003 and forwards all email sent to it from our daemons to an external smarthost.

I am looking for recommendations of what would be the best replacement solution.

There is no need for receiving incoming email.
Currently I am considering each of the following:

1. MS Virtual SMTP Server Connector as MTA - it is currently using this to forward to the smarthost
2. Install Postfix on a Linux server and use this as a smarthost
3. Use a third-party provider's smarthost in the same way we are using our ISP's at the moment

My main concerns for each are the following:

- Would it support sending 20000 emails a day?
- Would you recommend an SPF record for the sending domain to decrease the chance of false positives (SPAM)?
- Can DKIM be configured on each?
- Which methods are more prone to blacklisting assuming they haven't been compromised?

This is a mission critical service and it needs to work. If sending domain or IP is blacklisted or filtered by any other servers it would be disastrous. Due to this my main prerequisite is reliability.

Could anyone with experience please give me their opinion?

Thanks
thenos Asked:
 
Em Man Commented:
also, aside from this

you might also want to remove tracking codes; spam filtering appliances nowadays are very strict.
And always check your reputation daily using the following.

www.mxtoolbox.com
www.senderbase.org

You might want to check from time to time against the list of RBL sites.
Most appliances are blocking IPs based on the magnitude of emails being sent.
The first thing you might notice will be a delay of those emails for 2 hours.

last tip:
Assign a public IP just for this campaign/blast. :)
Careful with the words you use in your subject line. :)
0
 
Em Man Commented:
Actually this kind of volume will be an issue for reputation.

But here's my take.

Create a Postfix server and make sure it is not an open relay.
Put in an SPF record to make sure only allowed servers can send emails from your domain.
Add DKIM just to add responsibility from your side.

Sending 20,000 emails a day will cause email reputation issues, and you might not like it when 50%-60% of those emails get bounced back.

The best option, if you are willing, is to have a 3rd party email campaign service do the job, but it will cost you $$$.

Just my thoughts :)
0
 
Papertrip Commented:
I would choose #2, and my reasoning for this can be found in my following comments.

Would it support sending 20000 emails a day?
Absolutely.

Would you recommend an SPF record for the sending domain to decrease the chance of false positives (SPAM)?
You should always use SPF for any sending domain.  Keep the IPs you use for these mails separate from your main mail flows, such as regular corporate mail.

Can DKIM be configured on each?
Postfix can be easily integrated into postfix using opendkim.  I have both running now and it's pretty straightforward, but can be daunting to those new to the concepts.  I can help with both.  To my knowledge there is no native DKIM signing functionality for Exchange; you have to pay for 3rd party apps to do this.  If someone knows otherwise, please comment.

Which methods are more prone to blacklisting assuming they haven't been compromised?
If you set up SPF and DKIM along with a matching A/PTR for your sending server(s), and don't use spammy words like "IMPORTANT!!!!" in your mails, you will avoid most if not all blacklists.
0
 
Papertrip Commented:
You have to be careful about the volume you send as well, as that is a factor in your overall sending reputation.  20k mails in a day isn't that many and will probably still keep you in the Low volume group, but if you can send to a smaller audience for your first few mailings from your dedicated IP's for these mails, that certainly wouldn't hurt.

You can check your reputation at http://www.senderbase.org and http://www.senderscore.org
0
 
Papertrip Commented:
Postfix can be easily integrated into postfix using opendkim.

Woops!  That should read DKIM can be easily integrated.
0
 
thenos (Author) Commented:
Great answers!

FYI: We currently send this volume (20000/day) out using a domain with no SPF, DKIM or matching A/PTR and don't receive any bounce backs. I guess emails could be getting classified as SPAM at the recipient's end but we normally receive notification of this by the client missing deadlines and yelling at us which hasn't happened in at least a year.

I am worried this experience gives me too much confidence so I want to make sure I do my homework first. Keep it coming please!
0
 
Papertrip Commented:
Setup postfix+opendkim
Add SPF record
Match A/PTR
Don't use spammy words, include opt-out link (this is mandatory).
done/done.
0
 
Papertrip Commented:
+send from dedicated IP(s) separate from other mail flows
0
 
Em Man Commented:
- You need to separate your "Blasting Relay/Campaign" from your "regular" email communication.
- Both have separate public IPs to avoid reputation problems.
- Postfix has a tool/script to report how many are received and how many are sent, and which domain got a lot of bounces, then email the result to you.
- You need to have a double opt-in or single opt-in and an easy unsubscribe button in those campaign mails. You don't want your customers or clients to hit the SPAM button rather than the Unsubscribe button.
0
 
Em Man Commented:
It only takes a day to be blocked, but it will take months or years before you will be removed. lol

Prepare for this reply:
"fix your reputation first before we will allow your domain/IP to pass"


You are sending 20000 a day, we have a total of 4M a month... hahaha
Still we have a good reputation. :)
0
 
Papertrip Commented:
Pff we send >4M an hour :p

Hello again taga :)

Looks like I have some new "competition" in the enterprise email arena ;)
0
 
Em Man Commented:
@papertrip:

I will just be second to you hehehe... (you have the shield :D )

Before I replaced the previous EA, it was my first aim to solve our Poor Reputation.
We've been having Poor Rep for years and I am not sure if they tried fixing it.

but whew! I learned Linux the hard way... lol
0
 
thenos (Author) Commented:
Ok, so I guess I should change the title to "low to medium volume"... :o)

Anyway, the SMTP Virtual server in IIS that currently relays all internal email to our ISP's Smarthost seems to handle the load ok at the moment.

Would using DNS to lookup MX records and send email directly, using SMTP Virtual Connector as an MTA instead of a relay to smarthost, use much more resources when talking about 20000 emails a day and assuming SPF, DKIM, R/PTR are set up correctly for the sending domain?

FYI: Email relay machine is a Dell PE1750 with Xeon 2.4GHz and 2GB RAM under average of 30% load
0
 
Em Man Commented:
hahahaha... and that 20,0000 is low? yaiks!

Good for you... nice Reg. hehehe

We only have virtual machines with Windows 2003 that have 1GB of RAM and 5GB space available. ahehehe... lol


The sending of emails depends on how those firewall appliances react to your relay, so no matter how fast your servers are, it still depends on how those firewall appliances treat your mails. :)
If they want to delay your mails you can't do anything. :)  imho
0
 
Em Man Commented:
sorry:

@papertrip: "hahahaha... and that 20,0000 is low? yaiks!"
0
 
thenos (Author) Commented:
No problems with firewall we have a 4ms ping to 8.8.8.8 (Google DNS).

What I really want to know is, our setup as it stands works perfectly.
Is it much different  to use the same setup to send email direct (using DNS) from IIS Virtual SMTP Server instead of relaying it to a smarthost?

taga:
When you say "those Firewall appliance" I assume you mean all firewall appliances between the sending server and the recipient. This should only change very slightly from the current setup as all that will possibly change is the actual external IP used to send the mail from. This new IP will be on the same physical and geographical network as the previous.

Also what impact will changing the IP address used to send have on SPAM filtering if no SPF record exists in the existing setup but will in the proposed?
Do any mainstream SPAM services use any method other than SPF to keep track of what IP addresses emails for a particular domain are coming from?
0
 
Em Man Commented:
On Changing IP:

My way: give that IP a specific domain to relay emails, probably around 200-300 a day, before giving it the entire email campaign. If you supply it directly with thousands of emails, it will definitely be detected by a spam filtering appliance (or firewall appliance) as having a magnitude of emails going out. There is a big possibility it will be delayed.

No SPF:
Most appliances are designed to look for SPF configuration in your DNS; in this way they can verify that the originating IP is indeed from your network. It is highly advisable to have an SPF record if you have that magnitude of emails being sent out, especially as this is a new IP address being introduced.

Tracking IP:
The activity coming from that IP is obviously being recorded by most ISP appliances. Most of the time they are relying on RBLs; once your IP is blocked by one RBL site, others will follow in blocking that IP address. It will happen in minutes without you knowing it.

Your Question:
Is it much different to use the same setup to send email direct (using DNS) from IIS Virtual SMTP Server instead of relaying it to a smarthost?

None actually; it's the receiving spam filter policy that will decide if your emails get through/delayed or not.
0
 
Em Man Commented:
When I say "those firewall appliance" I am referring to those who receive your mails.
(sorry for the confusion)

Your new IP will be treated as new.
What happens here is that when that new IP sends volumes of emails, spam filtering appliances might think you have a dynamic IP (one way to be blocklisted), so before supplying it thousands of emails, I suggest supplying it with lesser email traffic for maybe a month. If you can't wait that long and you want that new IP blasting emails then go ahead as long as you know the risk. :)
0
 
Em Man Commented:
Sharing:

- Always monitor your bounce mail and analyze it regularly.
- Process UNSUBSCRIBE ASAP.
- Careful of MailTrap or HoneyPot. (Only spam goes to this address)
- Secure your mail server so it does not become an open relay.
- Make your UNSUBSCRIBE button visible. The Spam button is easier for clients to see than the most commonly used unsubscribe button. :)

Good Luck and Hope we Help :)
[time to sleep lol]
0
 
Papertrip Commented:
Taga went to sleep, and I just woke up.

Seems we haven't made much forward progress with this yet, but at least some questions have been answered.

@Thenos, what else do you need to know?
0
 
thenos (Author) Commented:
I think that pretty much clears up my questions/concerns.

I am leaning towards using the SMTP virtual server as an MTA to send email direct and slowly adding email traffic to the new IP as taga_ipil suggested. Before commencing this I will add an SPF record with both the old and new IPs, set up DKIM and also a R/PTR.

I think this would be the easiest solution as it would only require very minimal changes from the way things are set up now when working perfectly. We should actually see an improvement as no SPF etc at the moment...
0
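
A pre-flight check for the plan in the comment above (an SPF record listing both the old and new IPs, plus matching A/PTR), as an added example that is not part of the original thread. The domain, hostnames and addresses are constructed placeholders from documentation ranges, DNS answers are inline dictionaries standing in for live lookups, and only the `ip4`, `ip6` and `all` SPF mechanisms are evaluated; DKIM is not covered.

```python
import ipaddress

# Constructed DNS data (documentation address ranges), standing in for live lookups.
TXT = {"example.com": ["v=spf1 ip4:192.0.2.10 ip4:198.51.100.25 -all"]}
PTR = {"192.0.2.10": "relay-old.example.com", "198.51.100.25": "mail.example.com",
       "203.0.113.7": "host7.isp.example.net"}
A = {"relay-old.example.com": ["192.0.2.10"], "mail.example.com": ["198.51.100.25"],
     "host7.isp.example.net": ["203.0.113.99"]}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(domain, ip):
    """Evaluate the ip4/ip6/all mechanisms of the domain's SPF record, left to right."""
    records = [t for t in TXT.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"  # more than one SPF record on a domain is an error
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            raise ValueError(f"mechanism needs DNS lookups, not handled here: {term}")
        net = ipaddress.ip_network(value, strict=False)
        if addr.version == net.version and addr in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"

def fcrdns_ok(ip):
    """True when the PTR name for ip has an A record pointing back at the same ip."""
    name = PTR.get(ip)
    return name is not None and ip in A.get(name, [])

def preflight(domain, ips):
    """Return {ip: [problems]}; an empty list means SPF passes and A/PTR match."""
    report = {}
    for ip in ips:
        result = spf_result(domain, ip)
        problems = [] if result == "pass" else [f"SPF {result}"]
        if not fcrdns_ok(ip):
            problems.append("PTR/A mismatch")
        report[ip] = problems
    return report

if __name__ == "__main__":
    print(preflight("example.com", list(PTR)))
```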
 
Papertrip Commented:
I mentioned warming up the IP too, but I wouldn't be heavily concerned with only 20k/day, however if you can lighten the load at first it definitely won't hurt.

Are you sure you will be able to DKIM sign using that virtual server without handing over cash for some 3rd party app?
0
 
thenos (Author) Commented:
Excellent point. Sorry, you did mention it previously as well.

Might start SMTP Virtual Server with SPF but have Postfix set up and ready to go on a different IP so that email can be relayed out a different IP if there are any problems with initial volume on the new IP. This will at least give me a second chance if the first new IP does get blocked.

I will maybe add DKIM down the track as it seems it is not essential though could potentially avoid some potential future issues if implemented correctly.
0
 
Papertrip Commented:
It's as essential as SPF.  As you already know, you don't have to have these things in place to send mails, but you should.  SPF and DKIM should be used in conjunction with each other -- neither are the end-all for anti-spam/phishing/spoofing, but combined they offer even more protection of your domains along with higher inbox placements vs getting flagged as spam.

All mails should be DKIM signed and all domains should use SPF.
0
 
thenos (Author) Commented:
Thanks for your advice guys. I think I am now ready to start some testing!
0
Question has a verified solution.
